Explain unclear semantics of property `$ref` in Path Item Object #1964

cebe · 2019-06-28T07:09:42Z

Currently, as explained in #1038 (comment) the description of $ref in Path Item Object is unclear about the semantics behind it. I took the explaination from issue #1038 to make it more clear.

Hope I got the branching right, if not let me know which branch to send the PR to, I'll fix it then.

Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear.

versions/3.0.3.md

tedepstein · 2019-06-29T17:03:09Z

@cebe, thanks for picking this up where the issue left off. :-)

I have a few suggested changes for precision and alignment with standard terminology:

Allows for an external definition of this path item. A Path Item Object containing a $ref property is not a Reference Object, but the semantics of the $ref property value are the same. The $ref value MUST be a URI that resolves to a Path Item Object. The properties of the referenced object are merged into the referring Path Item Object. If the same property exists in both the referenced object and the referring object, this is a conflict. In this case, the behavior is undefined. Applications that do not define their own resolution behavior SHOULD report such conflicts as a warning or error condition.

Notes:

I had some hesitation about saying that the referenced object MUST be a Path Item Object, because it could be a partial object, meaning it doesn't have all of the required properties of a valid Path Item Object. But in fact, Path Item Object doesn't have any required values. So we can say that the $ref URI MUST resolve to a Path Item Object, meaning any object whose properties and property values are allowed in a Path Item Object. This seemed to be the cleanest way to state it.
I added the last sentence as an incremental step towards better defining validation behavior. This is a core part of conformance testing, discussed in Formalize conformance test description format #1520 and Certification program for OAS consuming implementations Outreach#35. The OpenAPI spec uses the term "undefined" in a few places, but this is the only instance of a property definition with an explicitly undefined value space. I assume that "undefined" allows applications to define their own behavior, whereas a pure error condition would not. So I'm trying to clarify how consuming applications should behave in these cases:
- Either define your own interpretation of the undefined value space, or report it as an error or warning.
- The choice of error or warning severity depends on the consuming application. If the consumer is a validator or linter, a warning might be the most appropriate default severity, because you don't want to block a downstream code generator or documentation format that actually defines useful behavior for these cases. If the consuming application is a code generator or documentation format that does not provide its own interpretation of the undefined value space, error severity might be more appropriate.

cebe · 2019-07-01T06:45:12Z

Thanks for the detailed feedback!

I agree with the change about referencing a Path Item Object, but:

Either define your own interpretation of the undefined value space

I'd like to avoid undefined behavior and would prefer to mark the situation as an error condition explicitly. Allowing different tools to handle the situation differently will definitively cause some trouble. Making it easier to implement the spec without ambiguation will prevent tooling implementors and also users from getting into weird situations.

tedepstein · 2019-07-01T13:28:19Z

Either define your own interpretation of the undefined value space

I'd like to avoid undefined behavior and would prefer to mark the situation as an error condition explicitly. Allowing different tools to handle the situation differently will definitively cause some trouble. Making it easier to implement the spec without ambiguation will prevent tooling implementors and also users from getting into weird situations.

I agree, but I assume there is some historical reason why the spec says "undefined" instead of making it an error condition. I think we need some clarification from the TSC.

philsturgeon · 2019-07-19T14:25:05Z

If something changes from "undefined" to "definite nope" then it should probably go in 3.1.0, because its kinda maybe sorta breaking but only if you're relying on undefined behavior which is kinda your own fault? Seems like the wiggle room is there to make it happen in v3.1.

cebe · 2019-07-22T14:54:23Z

Note that my adjustment does not change the definition, so the adjustment made here can go into 3.0, we could then discuss a change of defined behavior for 3.1.

tedepstein · 2019-07-22T15:10:31Z

Note that my adjustment does not change the definition, so the adjustment made here can go into 3.0, we could then discuss a change of defined behavior for 3.1.

Right. What we've tried to do here is retain "undefined" so as not to introduce a breaking change, but add a bit of guidance as to how implementations should handle this undefined case. I think that could go into a 3.0.x patch release without any issues.

Disallowing duplicate properties (or conflicting, or overlapping properties) would be a breaking change, so should probably go into 4.0 rather than 3.1. And before we suggest this breaking change, I'm hoping the TSC, or someone, can provide the history of this, explaining why the behavior was left undefined. Maybe there's a good reason for it, and in that case, we might want to define the resolution rules rather than disallowing the duplicate properties.

tedepstein · 2019-07-22T15:13:49Z

@cebe , there might be some confusion because your PR doesn't incorporate my suggested change here. If you like the suggested revisions, you might want to commit those to your cebe:patch-1 branch so we're all talking about the same thing. :-)

MikeRalphson · 2019-12-23T10:44:59Z

@tedepstein I would prefer to drop your final proposed sentence:

Applications that do not define their own resolution behavior SHOULD report such conflicts as a warning or error condition.

As declaring the behaviour as undefined and then defining what applications (implementations) SHOULD do appears to be in conflict. From a purist point of view, I would like the specification to declare its own requirements, but never impose behaviour (such as reporting errors or warnings) on implementations.

tedepstein · 2019-12-24T17:56:58Z

@MikeRalphson , I'm OK with removing that last sentence.

Please tell me if "undefined" means the same thing to you as it does to me:

We're acknowledging that the OpenAPI spec has consciously declined to specify a meaning or prescribe behavior in this case.
We could choose to disallow these conflicts, or specify semantics (e.g. properties defined in the referring context take precedence) in a later release. And we could even argue that the newly defined semantics are an addition, not a breaking change, because we've already blocked off this space as undefined.

Common-sense guidance, implied but not stated:

It's safest to avoid this undefined value space in your OpenAPI documents.
Applications may define behaviors, and users may rely on those behaviors, at their own risk. We won't stop you from doing your own thing in an undefined value space, as long as you understand that your special semantics might be clobbered by a subsequent spec release.

Is that right?

MikeRalphson · 2020-02-07T12:10:28Z

Please tell me if "undefined" means the same thing to you as it does to me:

@tedepstein I couldn't swear that your definition covers every case of undefined behaviour, but I don't see anything to disagree with in what you have there.

handrews · 2020-02-07T15:34:04Z

@tedepstein @earth2marsh this gets into the objections @whitlockjc has around three different $ref behaviors in OAS 3.1, which @webron and I were going to take a look at.

In order to make 3.0.3 compatible with the most likely approach in 3.1, I would recommend slightly different wording. I find "merge" misleading here, because it only works one level down and become undefined if there's s conflict. Which I guess is technically a merge but one that only works in a small set of cases.

As I think @MikeRalphson noted on the call, we should look at this a bit more like JSON schema's annotations in terms of defining behavior. Possible wording for that might replace

The properties of the referenced structure are merged with the local Path Item Object.
If the same property exists in both, the referenced structure and the local one, this is a conflict. In this case the behavior is undefined.

to (changed words in bold italics):

The properties of the referenced structure are examined alongside those in the local Path Item Object.
If the same property exists in both, the referenced structure and the local one, this is a conflict. In this case the behavior is undefined.

If there is a concern over "examined" not being clear enough, we could add a third sentence:

The referenced structure's properties that do not exist in the local structure are used as if they were present in the local structure.

or something like that.

This avoids terminology that sounds like it might combine properties in some deeper way, which is what I think of with the word "merge" (and is what the discarded $merge JSON Schema proposal did, so anyone who is familiar with that will probably think of it similarly).

webron · 2020-02-10T21:17:01Z

Working on this as part of the 3.0.3 release, so we're a bit more constrained in time.

Some history - in 2.0 we added the ability to $ref a Path Item Object within a Path Item Object to allow reusability (putting aside whether it makes sense or not). Two issues were involved here. The first, we did not allow users to define reusable PIOs within an API definition (should be solved in 3.1.0). The second, is that we used the construct of $ref without fully understanding the restrictions of JSON References.

Since we did not realize back then that JSON References do not allow sibling properties, we had no idea that it would be technically not possible to get to the point where there's a conflict. And so, we decided to allow a 'merge-like' behavior, and since we didn't want to deal with the case of duplication, we just said that it's undefined (instead of saying one takes precedence over the other, for example). Little did we know what this would mean for standard JSON Reference implementations out there.

While we did realize the problem before working on 3.0, actually dealing with the issue slipped through the cracks and the same definition remained. These things happen, and it means the behavior stays the same as in 2.0.

As for the change in 3.03 - I'm not a fan of the rewording. I find that specifying it is not the Reference Object is not needed. Nowhere does it say that it is. Claiming that because the field is called $ref people should assume it's the Reference Object is false, because we also have a field type in Security Scheme Object, and nobody confuses it with the Schema Object's type. The spec, in this case, is actually quite concise in the fact that it is not a JSON Reference Object, because the type of the field is not a JSON Reference Object.

I agree there's room to clarify the behavior of the $ref. I would suggest we change
If there are conflicts between the referenced definition and this Path Item's definition, the behavior is undefined.
to
In case a Path Item Object field appears both in the defined object and the referenced object, the. behavior is undefined.

@handrews - as for rewording/resolving things in 3.1, that should come in 3.1 and not here. As long as we don't use the latest JSON Schema draft in 3.0.3, it's better we steer clear of using similar terminology.

handrews · 2020-02-10T21:30:29Z

@webron my concern is to make sure we don't make things harder to resolve in 3.1.

Currently, the word "merge" does not appear in 3.0.2. If it did, I would not argue to remove it. But I am going to push very hard to avoid adding it. There is no single word involved in JSON Schema or JSON Reference that has been the subject of more fights and assumptions than "merge."

I will be happy with literally any other word. "examine", "combine", "zipper", "splat", seriously anything but "merge." The way people make assumptions around the word "merge" and connect it to past proposals elsewhere will make the change from 3.0.3 to 3.1.0 in this specific area much, much harder.

webron · 2020-02-10T21:33:23Z

Sure, but the change I recommend making doesn't have the term "merge" in it either. :)

handrews · 2020-02-10T21:35:09Z

@webron oh I assumed you meant changing

The properties of the referenced structure are merged with the local Path Item Object.
If the same property exists in both, the referenced structure and the local one, this is a conflict. In this case the behavior is undefined.

to

The properties of the referenced structure are merged with the local Path Item Object. In case a Path Item Object field appears both in the defined object and the referenced object, the. behavior is undefined.

leaving the sentence with "merge" intact.

handrews · 2020-02-10T21:36:16Z

If you want to cut that first sentence and just have

In case a Path Item Object field appears both in the defined object and the referenced object, the. behavior is undefined.

then I am totally fine with that 😁

webron · 2020-02-10T21:40:54Z

To clarify, I think what I suggested was the only change we might want to do. I find the rest not needed.

MikeRalphson · 2020-02-14T16:16:07Z

To clarify, I think what I suggested was the only change we might want to do. I find the rest not needed.

👍 I think this is both a positive change and all we need to do for v3.0.3. Hopefully all the $ref language will be brought as far into line as possible in v3.1

@webron

* 3.0.3 prep * Update README.md * Update README.md * Removed confusing comment * Updated text for OperationRef * Clarified supported Ecma edition for regex Added supported Ecma edition (5.1) for regular expressions in the link text and used the formal name: [Ecma-262 Edition 5.1](https://www.ecma-international.org/ecma-262/5.1/). See also: #1687 * Make ABNF for runtime expressions complete * json-schema.org and commonmark.org now support https * Update 3.0.2.md fixed typo * Update 3.0.2.md fixed typo * Fixed typo * Update 3.0.3.md fixed typo * Update 3.0.2.md fixed typo * explicit 'forward slash' * add back quotes * fix difference between yaml and json in Response Object Examples * fix typo in Callback Object * Update 3.0.2.md * yaml.org supports https, but www.yaml.org is misconfigured * allow, but discourage, requestBody for GET, HEAD, DELETE * spelling error * retain typo in v3.0.2; fix for v3.0.3 (#1899) * Corrected pattern regex dialect link * TSC 2019-10-03 Feedback This sentance was meant to paraphrase semver for clarifty, but ended up suggesting a confusion situation where new things essentially cannot really happen. @webron has context on this. * Ron's wording for Darrels feedback * ted updates * backticks * Improved callback examples * fix #2053: `style` keyword is not supported inside Schema object * Resolved undocumented nullable behavior (#2046) * Resolved undocumented nullable behavior OpenAPI Schema Objects and JSON Schema have a few fundamental differences, and this clears up a bit of confusion about one of them. * Added ted updates from oct 31st TSC Co-Authored-By: Ted Epstein <[email protected]> * Update versions/3.0.3.md Co-Authored-By: Darrel <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) * The examples keyword is not supported inside schema (#2042) * examples not supported inside schema * figured it out * a tiny little edit * Replace 'application' by 'API' within the 'Info Object' definition. (#2004) * OpenAPI not Open API * Revert "allow, but discourage, requestBody for GET, HEAD, DELETE" * Clarify constraints on Security Scheme Object Scheme Property (#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme * Fix formatting errors in example (#2132) * Server Variable Object clarifications (#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning * Path Templating Clarification - proposed fix for #1830. (#1831) * Proposed fix for #1830. Each variable expression in a path must have a corresponding path parameter. * #1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update #1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. * Clarify the spec to allow optional or unspecified OAuth scopes (#1888) * Referencing issue #513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For #513, adjusting language and removing examples For #513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> * Clarify empty Security Requirement Object usage and validity (#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> * fix a typo in the Security Filtering section (#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in #1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue #1038 to make it more clear. * Update versions/3.0.3.md Co-authored-by: Ron <[email protected]> * Update 3.0.3 for release (#2149) * Update README.md for release * Update release date for 3.0.3 Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: Seiya <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Rich Ellis <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Carsten Brandt <[email protected]>

…#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]>

@darrelmiller

* fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for #1830. (#1831) * Proposed fix for #1830. Each variable expression in a path must have a corresponding path parameter. * #1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update #1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in #1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue #1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix #2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (#1888) * Referencing issue #513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For #513, adjusting language and removing examples For #513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (#1779) * Fix: #832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (#2103) * Add webhooks as a top-level element to the spec * Add the changes from #2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (#2115) This adapts the language from PR #2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (#2152) * Add SPDX identifier field to license object, fixes #1599 (#2105) * Add information about objects to the description too * Make paths object optional (#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for #1830. (#1831) * Proposed fix for #1830. Each variable expression in a path must have a corresponding path parameter. * #1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update #1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in #1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue #1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix #2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (#1888) * Referencing issue #513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For #513, adjusting language and removing examples For #513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (#2181) * HTTP not REST (#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (#2246) * Update version for release (#2269) Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (#1779) * Fix: #832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (#2103) * Add webhooks as a top-level element to the spec * Add the changes from #2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (#2115) This adapts the language from PR #2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (#2152) * Add SPDX identifier field to license object, fixes #1599 (#2105) * Add information about objects to the description too * Make paths object optional (#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for #1830. (#1831) * Proposed fix for #1830. Each variable expression in a path must have a corresponding path parameter. * #1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update #1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in #1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue #1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix #2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (#1888) * Referencing issue #513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For #513, adjusting language and removing examples For #513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (#2181) * HTTP not REST (#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (#2246) * Update version for release (#2269) * $schema Guidance (#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address #2287 (#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (#2335) Followup to #1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (#1779) * Fix: #832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (#2103) * Add webhooks as a top-level element to the spec * Add the changes from #2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (#2115) This adapts the language from PR #2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (#2152) * Add SPDX identifier field to license object, fixes #1599 (#2105) * Add information about objects to the description too * Make paths object optional (#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for #1830. (#1831) * Proposed fix for #1830. Each variable expression in a path must have a corresponding path parameter. * #1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update #1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in #1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue #1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix #2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (#1888) * Referencing issue #513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For #513, adjusting language and removing examples For #513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (#2181) * HTTP not REST (#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (#2246) * x-oas- to x-oai- (v3.1.0-dev) * Update version for release (#2269) * $schema Guidance (#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * x-oai- / x-oas-; reserve both * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address #2287 (#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (#2335) Followup to #1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev * Added words relating to adopting semantics of JSON Schema (#2330) * Added words relating to adopting semantics of JSON Schema * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * fix typo in release history table * fix link to style values in serialization table * Fix misspelling of a keyword in text (#2389) * Update wording that referred to the year 2019 as the current year (#2390) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema (#2394) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema * Update verbiage to be more accurate Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Update 3.1.0.md (#2405) Improve wording about 'summary' and 'description' in Reference Object * long descriptions are cool too (#2408) Co-authored-by: Phil Sturgeon <[email protected]> * Unescaped Slashes Aint Welcome Around 'Ere (#2218) * oas 3.0 doesn't mention slashes not allowed * none of those either Co-authored-by: Phil Sturgeon <[email protected]> * Add missing field and use same summaries in Request Body Examples. (#2362) * Add missing schema type in Operation Object YAML Example. (#2361) * OAS schema dialect clarifications (#2399) * OAS schema dialect clarifications * OAS schema dialect clarifications Signed-off-by: Mike Ralphson <[email protected]> * $schema is allowed in subschemas when bundling Co-authored-by: Ben Hutton <[email protected]> * Schema dialect clarifications from Ben Signed-off-by: Mike Ralphson <[email protected]> * Use top-level jsonSchemaDialect field Co-authored-by: Ben Hutton <[email protected]> * Update JSON Schema Draft to 2020-12 and make $ref resolution rules explicit (#2437) * fix http link to json-schema.org Signed-off-by: Mike Ralphson <[email protected]> * fix http link to spec.commonmark.org Signed-off-by: Mike Ralphson <[email protected]> * Specify rules for $ref resolution Signed-off-by: Mike Ralphson <[email protected]> * Specify relative resolution rules for pathItem $ref and example externalValue Signed-off-by: Mike Ralphson <[email protected]> * Update JSON Schema draft links to 2020-12 IETF pages Signed-off-by: Mike Ralphson <[email protected]> * Make language about 'MUST be in the form of a ...' consistent Signed-off-by: Mike Ralphson <[email protected]> * Make it clear pathItem $refs don't need to be external now Signed-off-by: Mike Ralphson <[email protected]> * Make RFC links consistent with regard to spacing Signed-off-by: Mike Ralphson <[email protected]> * Allow a URI for example.externalValue fields This makes it fall under the rules for relative references. Signed-off-by: Mike Ralphson <[email protected]> * Explicitly call out $ref as a Relative Reference * Remove wording about what implementations SHOULD/MAY do with a $ref * Prefer 'referenced document' to 'referrant document' for clarity * Fix JSON Schema $ref resolution fallback rule * Add links back to #relativeReferences definition * Split #relativeReferences definition into URL and URI sections Signed-off-by: Mike Ralphson <[email protected]> * Clean-up wording about $refs in responsesObjects, fixes #1679 (#2442) * Clean-up wording about $refs in responsesObjects, fixes #1679 * Agreed to remove explicit verbiage around $refs in responseObjects, fixes #1679 * fix: two typos in versions/3.1.0.md (#2452) * Fix, clarify, and simplify content type schemas (#2351) * Fix, clarify, and simplify content type schemas This fixes #2349, which caught that an encoded PNG image is encoded into a text media type. In the process I realized some other errors, and simplified things. * HTTP `Content-Type` is always handled by OAS * Media Type Object key in most cases * Encoding object (possibly inferred from schema) in `multipart/form-data` * HTTP-level `Content-Encoding` is always handled by the OAS Header Object * JSON Schema "content*" is used for embedding one media type into another * the encoded resource is of media type `text/plain` * `"contentMediaType"` is the embedded media type after decoding * `"contentEncoding"` is how to encode/decode binary to/from text This removes any chance of `"contentMediaType"` conflicting with the Media Type Object key or with `contentType` in the Encoding Object, as they now always do different things. Likewise, the HTTP `Content-Encoding` header (with values like gzip, deflate, etc.) does different things than `"contentEncoding"` (which has values like base64, base64url, quoted-printable, etc.). The deprecated part header `Content-Transfer-Encoding` is likewise handled in the Encoding Object, but is probably never used. * Fix Content-Type to indicate semantics ...rather than literal content format on the wire. * Update 3.1.0.md Fixed a typo and changed a SHOULD to MAY. * Update versions/3.1.0.md * clarify default encoding content type value. * Describe interaction between JSON Schema contentEncoding and HTTP Content-Encoding header Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Kistler <[email protected]> * 3.1.0 release prep (#2461) * 3.1.0 release prep * Update README.md * reframing `user` as `author` (#2463) Per comment in review, authors determine whether a spec is a single or multipart document. Those who consume the spec care more about the information itself and less (or not at all directly) about how it was assembled. * fixed the dash character Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: Deven Phillips <[email protected]> Co-authored-by: Vladimir <[email protected]> Co-authored-by: Quint Daenen <[email protected]>

@webron

* 3.0.3 prep * Update README.md * Update README.md * Removed confusing comment * Updated text for OperationRef * Clarified supported Ecma edition for regex Added supported Ecma edition (5.1) for regular expressions in the link text and used the formal name: [Ecma-262 Edition 5.1](https://www.ecma-international.org/ecma-262/5.1/). See also: OAI#1687 * Make ABNF for runtime expressions complete * json-schema.org and commonmark.org now support https * Update 3.0.2.md fixed typo * Update 3.0.2.md fixed typo * Fixed typo * Update 3.0.3.md fixed typo * Update 3.0.2.md fixed typo * explicit 'forward slash' * add back quotes * fix difference between yaml and json in Response Object Examples * fix typo in Callback Object * Update 3.0.2.md * yaml.org supports https, but www.yaml.org is misconfigured * allow, but discourage, requestBody for GET, HEAD, DELETE * spelling error * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) * Corrected pattern regex dialect link * TSC 2019-10-03 Feedback This sentance was meant to paraphrase semver for clarifty, but ended up suggesting a confusion situation where new things essentially cannot really happen. @webron has context on this. * Ron's wording for Darrels feedback * ted updates * backticks * Improved callback examples * fix OAI#2053: `style` keyword is not supported inside Schema object * Resolved undocumented nullable behavior (OAI#2046) * Resolved undocumented nullable behavior OpenAPI Schema Objects and JSON Schema have a few fundamental differences, and this clears up a bit of confusion about one of them. * Added ted updates from oct 31st TSC Co-Authored-By: Ted Epstein <[email protected]> * Update versions/3.0.3.md Co-Authored-By: Darrel <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) * OpenAPI not Open API * Revert "allow, but discourage, requestBody for GET, HEAD, DELETE" * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme * Fix formatting errors in example (OAI#2132) * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.0.3.md Co-authored-by: Ron <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: Seiya <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Rich Ellis <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Carsten Brandt <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * x-oas- to x-oai- (v3.1.0-dev) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * x-oai- / x-oas-; reserve both * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev * Added words relating to adopting semantics of JSON Schema (OAI#2330) * Added words relating to adopting semantics of JSON Schema * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * fix typo in release history table * fix link to style values in serialization table * Fix misspelling of a keyword in text (OAI#2389) * Update wording that referred to the year 2019 as the current year (OAI#2390) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema (OAI#2394) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema * Update verbiage to be more accurate Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Update 3.1.0.md (OAI#2405) Improve wording about 'summary' and 'description' in Reference Object * long descriptions are cool too (OAI#2408) Co-authored-by: Phil Sturgeon <[email protected]> * Unescaped Slashes Aint Welcome Around 'Ere (OAI#2218) * oas 3.0 doesn't mention slashes not allowed * none of those either Co-authored-by: Phil Sturgeon <[email protected]> * Add missing field and use same summaries in Request Body Examples. (OAI#2362) * Add missing schema type in Operation Object YAML Example. (OAI#2361) * OAS schema dialect clarifications (OAI#2399) * OAS schema dialect clarifications * OAS schema dialect clarifications Signed-off-by: Mike Ralphson <[email protected]> * $schema is allowed in subschemas when bundling Co-authored-by: Ben Hutton <[email protected]> * Schema dialect clarifications from Ben Signed-off-by: Mike Ralphson <[email protected]> * Use top-level jsonSchemaDialect field Co-authored-by: Ben Hutton <[email protected]> * Update JSON Schema Draft to 2020-12 and make $ref resolution rules explicit (OAI#2437) * fix http link to json-schema.org Signed-off-by: Mike Ralphson <[email protected]> * fix http link to spec.commonmark.org Signed-off-by: Mike Ralphson <[email protected]> * Specify rules for $ref resolution Signed-off-by: Mike Ralphson <[email protected]> * Specify relative resolution rules for pathItem $ref and example externalValue Signed-off-by: Mike Ralphson <[email protected]> * Update JSON Schema draft links to 2020-12 IETF pages Signed-off-by: Mike Ralphson <[email protected]> * Make language about 'MUST be in the form of a ...' consistent Signed-off-by: Mike Ralphson <[email protected]> * Make it clear pathItem $refs don't need to be external now Signed-off-by: Mike Ralphson <[email protected]> * Make RFC links consistent with regard to spacing Signed-off-by: Mike Ralphson <[email protected]> * Allow a URI for example.externalValue fields This makes it fall under the rules for relative references. Signed-off-by: Mike Ralphson <[email protected]> * Explicitly call out $ref as a Relative Reference * Remove wording about what implementations SHOULD/MAY do with a $ref * Prefer 'referenced document' to 'referrant document' for clarity * Fix JSON Schema $ref resolution fallback rule * Add links back to #relativeReferences definition * Split #relativeReferences definition into URL and URI sections Signed-off-by: Mike Ralphson <[email protected]> * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 (OAI#2442) * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 * Agreed to remove explicit verbiage around $refs in responseObjects, fixes OAI#1679 * fix: two typos in versions/3.1.0.md (OAI#2452) * Fix, clarify, and simplify content type schemas (OAI#2351) * Fix, clarify, and simplify content type schemas This fixes OAI#2349, which caught that an encoded PNG image is encoded into a text media type. In the process I realized some other errors, and simplified things. * HTTP `Content-Type` is always handled by OAS * Media Type Object key in most cases * Encoding object (possibly inferred from schema) in `multipart/form-data` * HTTP-level `Content-Encoding` is always handled by the OAS Header Object * JSON Schema "content*" is used for embedding one media type into another * the encoded resource is of media type `text/plain` * `"contentMediaType"` is the embedded media type after decoding * `"contentEncoding"` is how to encode/decode binary to/from text This removes any chance of `"contentMediaType"` conflicting with the Media Type Object key or with `contentType` in the Encoding Object, as they now always do different things. Likewise, the HTTP `Content-Encoding` header (with values like gzip, deflate, etc.) does different things than `"contentEncoding"` (which has values like base64, base64url, quoted-printable, etc.). The deprecated part header `Content-Transfer-Encoding` is likewise handled in the Encoding Object, but is probably never used. * Fix Content-Type to indicate semantics ...rather than literal content format on the wire. * Update 3.1.0.md Fixed a typo and changed a SHOULD to MAY. * Update versions/3.1.0.md * clarify default encoding content type value. * Describe interaction between JSON Schema contentEncoding and HTTP Content-Encoding header Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Kistler <[email protected]> * 3.1.0 release prep (OAI#2461) * 3.1.0 release prep * Update README.md * reframing `user` as `author` (OAI#2463) Per comment in review, authors determine whether a spec is a single or multipart document. Those who consume the spec care more about the information itself and less (or not at all directly) about how it was assembled. * fixed the dash character Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: Deven Phillips <[email protected]> Co-authored-by: Vladimir <[email protected]> Co-authored-by: Quint Daenen <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * x-oas- to x-oai- (v3.1.0-dev) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * x-oai- / x-oas-; reserve both * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev * Added words relating to adopting semantics of JSON Schema (OAI#2330) * Added words relating to adopting semantics of JSON Schema * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * fix typo in release history table * fix link to style values in serialization table * Fix misspelling of a keyword in text (OAI#2389) * Update wording that referred to the year 2019 as the current year (OAI#2390) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema (OAI#2394) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema * Update verbiage to be more accurate Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Update 3.1.0.md (OAI#2405) Improve wording about 'summary' and 'description' in Reference Object * long descriptions are cool too (OAI#2408) Co-authored-by: Phil Sturgeon <[email protected]> * Unescaped Slashes Aint Welcome Around 'Ere (OAI#2218) * oas 3.0 doesn't mention slashes not allowed * none of those either Co-authored-by: Phil Sturgeon <[email protected]> * Add missing field and use same summaries in Request Body Examples. (OAI#2362) * Add missing schema type in Operation Object YAML Example. (OAI#2361) * OAS schema dialect clarifications (OAI#2399) * OAS schema dialect clarifications * OAS schema dialect clarifications Signed-off-by: Mike Ralphson <[email protected]> * $schema is allowed in subschemas when bundling Co-authored-by: Ben Hutton <[email protected]> * Schema dialect clarifications from Ben Signed-off-by: Mike Ralphson <[email protected]> * Use top-level jsonSchemaDialect field Co-authored-by: Ben Hutton <[email protected]> * Update JSON Schema Draft to 2020-12 and make $ref resolution rules explicit (OAI#2437) * fix http link to json-schema.org Signed-off-by: Mike Ralphson <[email protected]> * fix http link to spec.commonmark.org Signed-off-by: Mike Ralphson <[email protected]> * Specify rules for $ref resolution Signed-off-by: Mike Ralphson <[email protected]> * Specify relative resolution rules for pathItem $ref and example externalValue Signed-off-by: Mike Ralphson <[email protected]> * Update JSON Schema draft links to 2020-12 IETF pages Signed-off-by: Mike Ralphson <[email protected]> * Make language about 'MUST be in the form of a ...' consistent Signed-off-by: Mike Ralphson <[email protected]> * Make it clear pathItem $refs don't need to be external now Signed-off-by: Mike Ralphson <[email protected]> * Make RFC links consistent with regard to spacing Signed-off-by: Mike Ralphson <[email protected]> * Allow a URI for example.externalValue fields This makes it fall under the rules for relative references. Signed-off-by: Mike Ralphson <[email protected]> * Explicitly call out $ref as a Relative Reference * Remove wording about what implementations SHOULD/MAY do with a $ref * Prefer 'referenced document' to 'referrant document' for clarity * Fix JSON Schema $ref resolution fallback rule * Add links back to #relativeReferences definition * Split #relativeReferences definition into URL and URI sections Signed-off-by: Mike Ralphson <[email protected]> * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 (OAI#2442) * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 * Agreed to remove explicit verbiage around $refs in responseObjects, fixes OAI#1679 * fix: two typos in versions/3.1.0.md (OAI#2452) * Fix, clarify, and simplify content type schemas (OAI#2351) * Fix, clarify, and simplify content type schemas This fixes OAI#2349, which caught that an encoded PNG image is encoded into a text media type. In the process I realized some other errors, and simplified things. * HTTP `Content-Type` is always handled by OAS * Media Type Object key in most cases * Encoding object (possibly inferred from schema) in `multipart/form-data` * HTTP-level `Content-Encoding` is always handled by the OAS Header Object * JSON Schema "content*" is used for embedding one media type into another * the encoded resource is of media type `text/plain` * `"contentMediaType"` is the embedded media type after decoding * `"contentEncoding"` is how to encode/decode binary to/from text This removes any chance of `"contentMediaType"` conflicting with the Media Type Object key or with `contentType` in the Encoding Object, as they now always do different things. Likewise, the HTTP `Content-Encoding` header (with values like gzip, deflate, etc.) does different things than `"contentEncoding"` (which has values like base64, base64url, quoted-printable, etc.). The deprecated part header `Content-Transfer-Encoding` is likewise handled in the Encoding Object, but is probably never used. * Fix Content-Type to indicate semantics ...rather than literal content format on the wire. * Update 3.1.0.md Fixed a typo and changed a SHOULD to MAY. * Update versions/3.1.0.md * clarify default encoding content type value. * Describe interaction between JSON Schema contentEncoding and HTTP Content-Encoding header Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Kistler <[email protected]> * 3.1.0 release prep (OAI#2461) * 3.1.0 release prep * Update README.md * reframing `user` as `author` (OAI#2463) Per comment in review, authors determine whether a spec is a single or multipart document. Those who consume the spec care more about the information itself and less (or not at all directly) about how it was assembled. * fixed the dash character Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: Deven Phillips <[email protected]> Co-authored-by: Vladimir <[email protected]> Co-authored-by: Quint Daenen <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]>

@handrews

* 3.1.0 prep * Update README * Allow specification extensions in discriminator object * Note that specification extensions beginning x-oas- are reserved * security; add mutualTLS securityScheme type * 832 add info.summary (OAI#1779) * Fix: OAI#832. Add info.summary. * Fix: summary is shord, description is verbose. Be consistent with other definitions of summary and description. * fix OIDC url and OAuth2 requirements Signed-off-by: Axel Nennker <[email protected]> * Update Schema Object to proper JSON Schema * update vocab and arbitrary props * another go at arbitrary keywords * feedback from @handrews * Support style, explode, allowReserved encoding for multipart/form-data (OAI#2066) * Extend style, explode, allowReserved in encoding to multipart-formdata (OAI#2018) * Update versions/3.1.0.md Co-Authored-By: Ron <[email protected]> * Replace details of multipart/form-data format with referce to RFC 7578 * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> * default should match json schema * removed json schema keyworld list, its just all of em. * redundant $ref reference * Correct Styles Values for spaceDelimited and pipeDelimited, as based on Style Examples, they support objects. * Add support for webhooks as a top-level element (OAI#2103) * Add webhooks as a top-level element to the spec * Add the changes from OAI#2048 and signpost webhooks * Add an example of webhooks * Relocate and expand on webhooks section following feedback * Better wording to describe expectations on API consumers * Clearer wording for why the paths element is here * Update language to make callbacks clearer * Align the OAS 3.1 nullable language with the 3.0.3 (OAI#2115) This adapts the language from PR OAI#2046, with minimal wording tweaks to account for type now being able to have multiple values (type arrays). * allow, but discourage, requestBody for GET, HEAD, DELETE (OAI#2117) * Reference Object and Schema Object use of $ref updates for 2019-09 / OAS 3.1 (OAI#2107) * Checkpoint of draft * Fix typo. Co-Authored-By: Darrel <[email protected]> * Fix plural anchor Co-Authored-By: Mike Ralphson <[email protected]> * Remove superfluous specification Co-Authored-By: Phil Sturgeon <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> * Fix table cell formatting containing `nullable` description (OAI#2152) * Add SPDX identifier field to license object, fixes OAI#1599 (OAI#2105) * Add information about objects to the description too * Make paths object optional (OAI#1781) * Make paths object optional * Adding reusable Path Item Objects Under `components` * Adopt DM's suggested change to OpenAPI doc definition * Cleanup use of specification and definition where we mean document * multipartite>composite, define ACL * Add ' | Reference Object' to callbacks/webhooks Co-authored-by: Ron <[email protected]> * Fwd port v3.0.3 dev to v3.1.0 dev (OAI#2163) * fix typo in Callback Object Signed-off-by: Mike Ralphson <[email protected]> * retain typo in v3.0.2; fix for v3.0.3 (OAI#1899) Signed-off-by: Mike Ralphson <[email protected]> * Clarify empty Security Requirement Object usage and validity (OAI#1886) * Clarify empty Security Requirement Object usage and validity * Reorder sentences to make clearer. * Remove wrong text. * Removed unneeded text. Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Ron's wording for Darrels feedback Signed-off-by: Mike Ralphson <[email protected]> * ted updates Signed-off-by: Mike Ralphson <[email protected]> * Replace 'application' by 'API' within the 'Info Object' definition. (OAI#2004) Signed-off-by: Mike Ralphson <[email protected]> * Path Templating Clarification - proposed fix for OAI#1830. (OAI#1831) * Proposed fix for OAI#1830. Each variable expression in a path must have a corresponding path parameter. * OAI#1830 - Removed 'at least once' to defer the question about repeated references to a single path parameter. * Update OAI#1830 fix with suggestion from Darrel @darrelmiller suggestions we use "template expression" instead of "variable expression" to align with RFC6570. Good idea. Signed-off-by: Mike Ralphson <[email protected]> * yaml.org supports https, but www.yaml.org is misconfigured Signed-off-by: Mike Ralphson <[email protected]> * Updated text for OperationRef Signed-off-by: Mike Ralphson <[email protected]> * fix a typo in the Security Filtering section (OAI#1837) * fix a typo in the Security Filtering section * Security filtering slight reword Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Make ABNF for runtime expressions complete Signed-off-by: Mike Ralphson <[email protected]> * Explain unclear semantics of property `$ref` in Path Item Object (OAI#1964) * Explain unclear semantics of property `$ref` in Path Item Object Currently, as explained in OAI#1038 (comment) the description of `$ref` in [Path Item Object](https://github.com/OAI/OpenAPI-Specification/blob/3.0.2/versions/3.0.2.md#pathItemObject) is unclear about the semantics behing it. I took the explaination from issue OAI#1038 to make it more clear. * Update versions/3.1.0.md Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Clarify constraints on Security Scheme Object Scheme Property (OAI#1880) * Wording around scheme extensions * Clarified that securitySchemeScheme is only a SHOULD be registered scheme Signed-off-by: Mike Ralphson <[email protected]> * fix difference between yaml and json in Response Object Examples Signed-off-by: Mike Ralphson <[email protected]> * Server Variable Object clarifications (OAI#1809) * Server Variable Object clarifications * Toned language down for proper semver versioning Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> * Update 3.0.3 for release (OAI#2149) * Update README.md for release * Update release date for 3.0.3 Signed-off-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-Authored-By: Darrel <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Fixed typo Signed-off-by: Mike Ralphson <[email protected]> * explicit 'forward slash' Signed-off-by: Mike Ralphson <[email protected]> * fix OAI#2053: `style` keyword is not supported inside Schema object Signed-off-by: Mike Ralphson <[email protected]> * OpenAPI not Open API Signed-off-by: Mike Ralphson <[email protected]> * backticks Signed-off-by: Mike Ralphson <[email protected]> * minor clarification for operationId usage in link objects (OAI#1733) * minor clarification it's a bit confusing that both the id and the reference are called "operationId", so this tweak makes the text a bit more explicit. * use right terminology Co-Authored-By: Mike Ralphson <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * Update 3.1.0.md fixed typo Signed-off-by: Mike Ralphson <[email protected]> * Removed confusing comment Signed-off-by: Mike Ralphson <[email protected]> * Clarify the spec to allow optional or unspecified OAuth scopes (OAI#1888) * Referencing issue OAI#513. Clarify the spec to accommodate OAuth schemes where scope may be unspecified (optional scope) or where scope is not used at all. * Removed the provision for default scope represented as empty string. This introduces some ambiguities in the Security Requirement Object that would need to be addressed. * For OAI#513, adjusting language and removing examples For OAI#513, adjusting language and removing examples as suggested by @webron. * removed unnecessary example header Co-authored-by: Ron <[email protected]> Signed-off-by: Mike Ralphson <[email protected]> * The examples keyword is not supported inside schema (OAI#2042) * examples not supported inside schema * figured it out * a tiny little edit Signed-off-by: Mike Ralphson <[email protected]> * Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (OAI#2006) Signed-off-by: Mike Ralphson <[email protected]> * Fix formatting errors in example (OAI#2132) Signed-off-by: Mike Ralphson <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Ron <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> * security; widen use of scopes array to other securityScheme types (OAI#1829) Co-authored-by: Ron <[email protected]> * Allow summary and description as $ref siblings (OAI#2181) * HTTP not REST (OAI#1946) Co-authored-by: Phil Sturgeon <[email protected]> * Missing updates While going over the changes for the release notes, found two issues: - The TOC entry for `Relative references in URIs` was not modified to match the change in the spec. - The `Paths Object` had an extra sentence that should have not been there (referencing sub-documents and overlays). * Remove boolean compatibility for exclusive* (OAI#2226) This brings exclusiveMinimum, exclusiveMaximum, minimum, and maximum, into full modern JSON Schema compatibility. There are no edits directly mentioning minimum and maximum, but removing the boolean form simplifies their processing by making it context-independent. * Update "format" and "content*" for new JSON Schema (OAI#2200) * Update "format" and "content*" for new JSON Schema This removes OAS formats and examples that are now superfluous as they are part of the 2019-09 JSON Schema draft. Similarly it deprecates the "byte" and "binary" formats in favor of JSON Schema's "contentEncoding" and "contentMediaType" keywords, and updates various related exapmles and other guidance. It also removes confusingly blank rows in the OAS format table. * "format" is an annotation * Fix broken table, type, in Encoding Object Broke some things while updating for "content*" * Fix format of `format` Backticks, not double quotes. * Remove unneeded detail on "format" This was just duplicating info from the JSON Schema spec. Co-authored-by: Darrel <[email protected]> * Remove "byte" and "binary" formats altogether. Instead of just deprecating. The "content*" keywords now cover these use cases. * Harmonize JSON Schema content* + Media Type Object Includes harmonizing with the Encoding Object. In general, OpenAPI objects set the media type, although there is a case for `contentMediaType` with multipart/form-data. Otherwise, `contentEncoding` replaces the now-removed custom formats. A possibly controversial change is to indicate unencoded binary data by omitting `type` (or omitting the schema altogether), as binary data does not conform to JSON string requirements. This could still be done with `type: string` if that is preferred. It's going to be a bit weird either way. I can add wording in the next JSON Schema draft to clarify whichever approach makes more sense. * Fix typos from review * Remove stray {} * Fix inconsistencies contentMediaType and Encoding Object Co-authored-by: Darrel <[email protected]> * [3.1.0-dev] drop OAS semver requirement (OAI#2243) * drop OAS semver requirement * Update versions/3.1.0.md Co-authored-by: Darrel <[email protected]> * Remove "nullable" entirely (OAI#2246) * x-oas- to x-oai- (v3.1.0-dev) * Update version for release (OAI#2269) * $schema Guidance (OAI#2266) * chore: explain how $schema might work * reordered and made it specifically only schema resources * Update versions/3.1.0.md Co-authored-by: Karen Etheridge <[email protected]> * Update versions/3.1.0.md Co-authored-by: Ben Hutton <[email protected]> * new approach Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> * x-oai- / x-oas-; reserve both * v3.1.0: rephrase data-type section because `format` keyword can be used for any data type. (OAI#2302) * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * The JSON schema specification states the format keyword can be used for any data type, not just primitive types * Added change to address OAI#2287 (OAI#2328) Co-authored-by: Darrel Miller <[email protected]> * Make Server Variable Object's properties more strict (OAI#2335) Followup to OAI#1809, now that we allow breaking changes. * docs(Components): fix typo in schemas field type (OAI#2337) * Fix indentation of a YAML comment * Removed required constraint on responses object (OAI#2329) Co-authored-by: Darrel Miller <[email protected]> * 3.1.0-rc1 Release prep (OAI#2369) * Update 3.1.0.md * Merge branch 'master' into v3.1.0-dev * Added words relating to adopting semantics of JSON Schema (OAI#2330) * Added words relating to adopting semantics of JSON Schema * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> * Update versions/3.1.0.md Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * fix typo in release history table * fix link to style values in serialization table * Fix misspelling of a keyword in text (OAI#2389) * Update wording that referred to the year 2019 as the current year (OAI#2390) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema (OAI#2394) * Added link to JSON Schema Validation docs explain which formats are included in JSON Schema * Update verbiage to be more accurate Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Mike Ralphson <[email protected]> * Update 3.1.0.md (OAI#2405) Improve wording about 'summary' and 'description' in Reference Object * long descriptions are cool too (OAI#2408) Co-authored-by: Phil Sturgeon <[email protected]> * Unescaped Slashes Aint Welcome Around 'Ere (OAI#2218) * oas 3.0 doesn't mention slashes not allowed * none of those either Co-authored-by: Phil Sturgeon <[email protected]> * Add missing field and use same summaries in Request Body Examples. (OAI#2362) * Add missing schema type in Operation Object YAML Example. (OAI#2361) * OAS schema dialect clarifications (OAI#2399) * OAS schema dialect clarifications * OAS schema dialect clarifications Signed-off-by: Mike Ralphson <[email protected]> * $schema is allowed in subschemas when bundling Co-authored-by: Ben Hutton <[email protected]> * Schema dialect clarifications from Ben Signed-off-by: Mike Ralphson <[email protected]> * Use top-level jsonSchemaDialect field Co-authored-by: Ben Hutton <[email protected]> * Update JSON Schema Draft to 2020-12 and make $ref resolution rules explicit (OAI#2437) * fix http link to json-schema.org Signed-off-by: Mike Ralphson <[email protected]> * fix http link to spec.commonmark.org Signed-off-by: Mike Ralphson <[email protected]> * Specify rules for $ref resolution Signed-off-by: Mike Ralphson <[email protected]> * Specify relative resolution rules for pathItem $ref and example externalValue Signed-off-by: Mike Ralphson <[email protected]> * Update JSON Schema draft links to 2020-12 IETF pages Signed-off-by: Mike Ralphson <[email protected]> * Make language about 'MUST be in the form of a ...' consistent Signed-off-by: Mike Ralphson <[email protected]> * Make it clear pathItem $refs don't need to be external now Signed-off-by: Mike Ralphson <[email protected]> * Make RFC links consistent with regard to spacing Signed-off-by: Mike Ralphson <[email protected]> * Allow a URI for example.externalValue fields This makes it fall under the rules for relative references. Signed-off-by: Mike Ralphson <[email protected]> * Explicitly call out $ref as a Relative Reference * Remove wording about what implementations SHOULD/MAY do with a $ref * Prefer 'referenced document' to 'referrant document' for clarity * Fix JSON Schema $ref resolution fallback rule * Add links back to #relativeReferences definition * Split #relativeReferences definition into URL and URI sections Signed-off-by: Mike Ralphson <[email protected]> * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 (OAI#2442) * Clean-up wording about $refs in responsesObjects, fixes OAI#1679 * Agreed to remove explicit verbiage around $refs in responseObjects, fixes OAI#1679 * fix: two typos in versions/3.1.0.md (OAI#2452) * Fix, clarify, and simplify content type schemas (OAI#2351) * Fix, clarify, and simplify content type schemas This fixes OAI#2349, which caught that an encoded PNG image is encoded into a text media type. In the process I realized some other errors, and simplified things. * HTTP `Content-Type` is always handled by OAS * Media Type Object key in most cases * Encoding object (possibly inferred from schema) in `multipart/form-data` * HTTP-level `Content-Encoding` is always handled by the OAS Header Object * JSON Schema "content*" is used for embedding one media type into another * the encoded resource is of media type `text/plain` * `"contentMediaType"` is the embedded media type after decoding * `"contentEncoding"` is how to encode/decode binary to/from text This removes any chance of `"contentMediaType"` conflicting with the Media Type Object key or with `contentType` in the Encoding Object, as they now always do different things. Likewise, the HTTP `Content-Encoding` header (with values like gzip, deflate, etc.) does different things than `"contentEncoding"` (which has values like base64, base64url, quoted-printable, etc.). The deprecated part header `Content-Transfer-Encoding` is likewise handled in the Encoding Object, but is probably never used. * Fix Content-Type to indicate semantics ...rather than literal content format on the wire. * Update 3.1.0.md Fixed a typo and changed a SHOULD to MAY. * Update versions/3.1.0.md * clarify default encoding content type value. * Describe interaction between JSON Schema contentEncoding and HTTP Content-Encoding header Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Mike Kistler <[email protected]> * 3.1.0 release prep (OAI#2461) * 3.1.0 release prep * Update README.md * reframing `user` as `author` (OAI#2463) Per comment in review, authors determine whether a spec is a single or multipart document. Those who consume the spec care more about the information itself and less (or not at all directly) about how it was assembled. * fixed the dash character Co-authored-by: Mike Ralphson <[email protected]> Co-authored-by: Roberto Polli <[email protected]> Co-authored-by: Axel Nennker <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Mike Kistler <[email protected]> Co-authored-by: Darrel <[email protected]> Co-authored-by: Arhimenrius <[email protected]> Co-authored-by: Lorna Jane Mitchell <[email protected]> Co-authored-by: Henry Andrews <[email protected]> Co-authored-by: Alan Crosswell <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: seiya <[email protected]> Co-authored-by: Adam Leventhal <[email protected]> Co-authored-by: Sebastián Ramírez <[email protected]> Co-authored-by: Patrice Krakow <[email protected]> Co-authored-by: Ted Epstein <[email protected]> Co-authored-by: Carsten Brandt <[email protected]> Co-authored-by: Sergej <[email protected]> Co-authored-by: nasa9084 <[email protected]> Co-authored-by: Erik Wilde <[email protected]> Co-authored-by: Marsh Gardiner <[email protected]> Co-authored-by: Phil Sturgeon <[email protected]> Co-authored-by: Karen Etheridge <[email protected]> Co-authored-by: Ben Hutton <[email protected]> Co-authored-by: Sebastien Rosset <[email protected]> Co-authored-by: Darrel Miller <[email protected]> Co-authored-by: Vladimir Gorej <[email protected]> Co-authored-by: Helen Kosova <[email protected]> Co-authored-by: Deven Phillips <[email protected]> Co-authored-by: Vladimir <[email protected]> Co-authored-by: Quint Daenen <[email protected]>

cebe commented Jun 28, 2019

View reviewed changes

versions/3.0.3.md Outdated Show resolved Hide resolved

OAI deleted a comment from ArtonaDigital Jul 1, 2019

MikeRalphson mentioned this pull request Feb 7, 2020

[Release] v3.0.3 preparation checklist #2130

Closed

Update versions/3.0.3.md

8f97ace

webron approved these changes Feb 18, 2020

View reviewed changes

webron merged commit 2c0f912 into OAI:v3.0.3-dev Feb 18, 2020

cebe deleted the patch-1 branch February 20, 2020 22:08

PhilYue mentioned this pull request Oct 28, 2020

v3.1.0-rc1 Release (#2370) PhilYue/OpenAPI-Specification#1

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Explain unclear semantics of property `$ref` in Path Item Object #1964

Explain unclear semantics of property `$ref` in Path Item Object #1964

cebe commented Jun 28, 2019

tedepstein commented Jun 29, 2019 •

edited

Loading

cebe commented Jul 1, 2019

tedepstein commented Jul 1, 2019

philsturgeon commented Jul 19, 2019

cebe commented Jul 22, 2019

tedepstein commented Jul 22, 2019

tedepstein commented Jul 22, 2019

MikeRalphson commented Dec 23, 2019 •

edited

Loading

tedepstein commented Dec 24, 2019

MikeRalphson commented Feb 7, 2020

handrews commented Feb 7, 2020

webron commented Feb 10, 2020

handrews commented Feb 10, 2020

webron commented Feb 10, 2020

handrews commented Feb 10, 2020

handrews commented Feb 10, 2020

webron commented Feb 10, 2020

MikeRalphson commented Feb 14, 2020

Explain unclear semantics of property $ref in Path Item Object #1964

Explain unclear semantics of property $ref in Path Item Object #1964

Conversation

cebe commented Jun 28, 2019

tedepstein commented Jun 29, 2019 • edited Loading

cebe commented Jul 1, 2019

tedepstein commented Jul 1, 2019

philsturgeon commented Jul 19, 2019

cebe commented Jul 22, 2019

tedepstein commented Jul 22, 2019

tedepstein commented Jul 22, 2019

MikeRalphson commented Dec 23, 2019 • edited Loading

tedepstein commented Dec 24, 2019

MikeRalphson commented Feb 7, 2020

handrews commented Feb 7, 2020

webron commented Feb 10, 2020

handrews commented Feb 10, 2020

webron commented Feb 10, 2020

handrews commented Feb 10, 2020

handrews commented Feb 10, 2020

webron commented Feb 10, 2020

MikeRalphson commented Feb 14, 2020

Explain unclear semantics of property `$ref` in Path Item Object #1964

Explain unclear semantics of property `$ref` in Path Item Object #1964

tedepstein commented Jun 29, 2019 •

edited

Loading

MikeRalphson commented Dec 23, 2019 •

edited

Loading